db8041e8c04891203e1320be443d2ab18ed17534cf936e3a5b52cbc6c98e2661

Sharing

Copy URL

Twitter E-mail

General

Target

db8041e8c04891203e1320be443d2ab18ed17534cf936e3a5b52cbc6c98e2661
Size

340KB
MD5

5a723c483fff93e02777eeadd1fa90de
SHA1

0867fd2b7c3b0c090138b4be19c7deb43cddbb3c
SHA256

db8041e8c04891203e1320be443d2ab18ed17534cf936e3a5b52cbc6c98e2661
SHA512

0f71e6dabadef19ea89b305f84079a00c2c263623b06adde836049658b2dc06f204cab428cb63cf08fbfd3302e642b023dec9cde97d0517470d00d3e5dc75dd0
SSDEEP

6144:EeF+IRTAHVGNOy0QTrC85UjjD75hQCs2c6+CQQex2KdgvJC77O:l60N75Trn5UjDgCQN2lQ7

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

db8041e8c04891203e1320be443d2ab18ed17534cf936e3a5b52cbc6c98e2661
.exe windows x86

de31040f5e7db7f8d2e204ea034032df

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

imjp81k

CreateIRegManInstance

kernel32

lstrlenA
LockResource
LoadResource
GetVersionExA
CreateFileW
DeleteFileW
FindFirstFileW
FindFirstFileA
FindNextFileW
FindNextFileA
FindResourceA
FindResourceExA
GetFullPathNameW
GetFullPathNameA
GetModuleFileNameA
InterlockedIncrement
InterlockedDecrement
GetSystemDefaultLangID
SetLastError
GetTimeFormatA
GetDateFormatA
GetThreadLocale
GetBinaryTypeA
GetWindowsDirectoryA
GetEnvironmentVariableA
SetFilePointer
lstrcatA
LocalFree
LocalAlloc
lstrcpynA
GetCurrentProcess
LCMapStringA
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
lstrcpyA
HeapSize
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
TerminateProcess
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
ExitProcess
GetVersion
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
HeapFree
HeapAlloc
RtlUnwind
WaitForSingleObject
CreateMutexA
ReleaseMutex
GetSystemDefaultLCID
GetCurrentThreadId
GlobalHandle
OpenFileMappingA
GetStringTypeA
GetStringTypeW
SetConsoleCtrlHandler
SetStdHandle
FlushFileBuffers
lstrcmpiA
FindClose
lstrlenW
lstrcpyW
LCMapStringW
LoadLibraryA
WriteFile
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
DeleteFileA
GetTempPathA
GetTempFileNameA
CreateFileA
FreeLibrary
GetProcAddress
GetFileSize
ReadFile
GetCPInfo
Sleep
InterlockedExchange
IsDBCSLeadByteEx
GetACP
WideCharToMultiByte
GlobalReAlloc
GlobalLock
GlobalUnlock
GlobalFree
GlobalAlloc
CloseHandle
GetLastError
CreateThread
MultiByteToWideChar
GetOEMCP

user32

GetClipboardData
CloseClipboard
CharPrevA
SetForegroundWindow
UnregisterClassA
SetWindowTextA
SetWindowTextW
RegisterClassExA
LoadStringA
PostThreadMessageA
GetWindowTextA
GetWindowTextW
GetClassNameA
GetClassInfoExA
IsClipboardFormatAvailable
DrawTextA
DrawTextW
DialogBoxParamA
DefWindowProcA
CreateWindowExA
CreateDialogParamA
DialogBoxIndirectParamA
CreateDialogIndirectParamA
CallWindowProcA
LoadIconA
MessageBeep
BeginPaint
EndPaint
FillRect
IsDialogMessageA
OpenClipboard
wsprintfA
CharNextA
FindWindowA
PeekMessageA
WaitMessage
CheckDlgButton
LoadImageA
ShowWindow
SetFocus
UpdateWindow
SetRect
SetWindowPos
GetDC
ReleaseDC
LoadBitmapA
OemToCharA
CharToOemA
PostQuitMessage
DestroyWindow
GetMessageA
TranslateMessage
DispatchMessageA
GetClientRect
ClientToScreen
LoadCursorA
EndDialog
GetWindowLongA
GetParent
IsWindowUnicode
SetWindowLongA
GetWindowRect
MoveWindow
GetDlgItem
IsWindow
ScreenToClient
SendDlgItemMessageW
SendDlgItemMessageA
EnableWindow
PostMessageW
FindWindowExA
SendMessageW
SendMessageA
IsDlgButtonChecked
PostMessageA
GetDlgCtrlID

gdi32

GetTextColor
GetBkMode
DeleteObject
SetBkMode
TranslateCharsetInfo
SetTextColor
GetObjectA
CreateFontIndirectA
GetStockObject
SelectObject
GetDeviceCaps

comdlg32

GetOpenFileNameA
GetOpenFileNameW
CommDlgExtendedError

advapi32

RegDeleteKeyA
RegDeleteValueA
ConvertStringSecurityDescriptorToSecurityDescriptorA
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
OpenProcessToken
GetTokenInformation
GetSecurityDescriptorDacl
AllocateAndInitializeSid
IsValidSid
FreeSid
RegUnLoadKeyA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegEnumKeyExA
RegQueryValueExA
RegSetValueExA
RegEnumValueA

shell32

DragQueryFileW
DragFinish
DragAcceptFiles
DragQueryFileA

ole32

CoUninitialize
CoTaskMemFree
CoCreateInstance
CoInitialize

comctl32

ord17

Exports

Exports

FSqueezeInit
FSqueezeTerm
FSqueezeUty

Sections

.text
Size: 156KB - Virtual size: 153KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: 108KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

de31040f5e7db7f8d2e204ea034032df

Headers

File Characteristics

Imports

imjp81k

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

comctl32

Exports

Exports

Sections

.text Size: 156KB - Virtual size: 153KB

.rdata Size: 24KB - Virtual size: 21KB

.data Size: 16KB - Virtual size: 27KB

.rsrc Size: 28KB - Virtual size: 27KB

.UPX0 Size: 108KB - Virtual size: 260KB

.text
Size: 156KB - Virtual size: 153KB

.rdata
Size: 24KB - Virtual size: 21KB

.data
Size: 16KB - Virtual size: 27KB

.rsrc
Size: 28KB - Virtual size: 27KB

.UPX0
Size: 108KB - Virtual size: 260KB